Spam Research Update

Back in April I started an informal spam research project to see if the conventional wisdom is true, namely that when you put your email address on a website it collects spam. Basically I littered my site with a email addresses and then kept watch to see when messages were delivered. Today I removed them from the site and would like to share my results so far.

Here are the email addresses I used, where I placed them and how many messages they received:

  • st1 - plain text in an html comment, at /blog - received 29
  • st2 - href=mailto in an html comment, at /blog - received 17
  • st3 - href=mailto in plain sight, at /blog - received 23
  • st4 - plain text in an html comment, at /gallery - received 8
  • st5 - href=mailto in an html comment, at /gallery - received 8
  • st6 - href=mailto in plain sight, at /gallery - received 7
  • Total messages: 92
  • First hit: 2006-05-05 04:21:39
  • First hit address: st2
  • Unique hosts: 38
  • Hosts sending only a single message: 22
  • Most messages from a single host: 8
  • Hosts listed in Spamhaus SBL-XBL: 25
  • Messages blocked by SBL-XBL: 37
  • Separate attacks: 18
  • Attacks with delays between messages: 6
  • Number of countries: 19
  • Most common countries: China (5), South Korea (6), U.S. (5)

The next step is to see how long I continue to receive messages at these addresses. I suspect it'll continue for at least 2 months. We'll see.

Finally, I came up with a clever way to trace back when these messages get skimmed off the server. Instead of a static address (st1, st2, etc.), I wrote up a simple little bit of php code to generate a unique email address of the form stT<date>T<ip address>. The things I'm most curious to find out are 1) how long spammers continue to use a certain address, 2) how widely the skimmed addresses are shared and 3) how far from the crawler the email address wanders. I'll let you know.

tags: 

Subscribe to Comments for "Spam Research Update" Subscribe to zmonkey.org - All comments